SONAR-4537 Code Viewer permission should only prevent users from seeing the code...

diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/Lcom4Viewer.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/Lcom4Viewer.java
index 1ef5dd920209a75abfbd1e1fd1852294a3bdbe90..beef656d05086acf97cd6b5d65ca5e80cfe12286 100644 (file)
--- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/Lcom4Viewer.java
+++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/Lcom4Viewer.java
@@ -21,17 +21,11 @@ package org.sonar.plugins.core.web;
 
 import org.sonar.api.measures.CoreMetrics;
 import org.sonar.api.resources.Qualifiers;
-import org.sonar.api.web.AbstractRubyTemplate;
-import org.sonar.api.web.DefaultTab;
-import org.sonar.api.web.NavigationSection;
-import org.sonar.api.web.RequiredMeasures;
-import org.sonar.api.web.ResourceQualifier;
-import org.sonar.api.web.RubyRailsPage;
-import org.sonar.api.web.UserRole;
+import org.sonar.api.web.*;
 
 @RequiredMeasures(allOf = {CoreMetrics.LCOM4_KEY})
 @NavigationSection(NavigationSection.RESOURCE_TAB)
-@UserRole(UserRole.CODEVIEWER)
+@UserRole(UserRole.USER)
 @ResourceQualifier(Qualifiers.CLASS)
 @DefaultTab(metrics = {"lcom4", "lcom4_blocks"})
 public class Lcom4Viewer extends AbstractRubyTemplate implements RubyRailsPage {

diff --git a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/TestsViewer.java b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/TestsViewer.java
index 0aa4f9b0086381cc1503428ebee76e1da7018da9..e4a41d9752a8ab00db209cd31eabe4b2771662b5 100644 (file)
--- a/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/TestsViewer.java
+++ b/plugins/sonar-core-plugin/src/main/java/org/sonar/plugins/core/web/TestsViewer.java
@@ -21,19 +21,14 @@ package org.sonar.plugins.core.web;
 
 import org.sonar.api.measures.CoreMetrics;
 import org.sonar.api.resources.Qualifiers;
-import org.sonar.api.web.AbstractRubyTemplate;
-import org.sonar.api.web.DefaultTab;
-import org.sonar.api.web.NavigationSection;
-import org.sonar.api.web.ResourceQualifier;
-import org.sonar.api.web.RubyRailsPage;
-import org.sonar.api.web.UserRole;
+import org.sonar.api.web.*;
 
 @ResourceQualifier(Qualifiers.UNIT_TEST_FILE)
 @NavigationSection(NavigationSection.RESOURCE_TAB)
 @DefaultTab(metrics = {
     CoreMetrics.TESTS_KEY, CoreMetrics.TEST_EXECUTION_TIME_KEY, CoreMetrics.TEST_SUCCESS_DENSITY_KEY,
     CoreMetrics.TEST_FAILURES_KEY, CoreMetrics.TEST_ERRORS_KEY, CoreMetrics.SKIPPED_TESTS_KEY})
-@UserRole(UserRole.CODEVIEWER)
+@UserRole(UserRole.USER)
 public class TestsViewer extends AbstractRubyTemplate implements RubyRailsPage {
 
   public String getId() {

diff --git a/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties b/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties
index 93d6f088d4a93d4150d2c54ab9aff91f1757907e..c315e6334da07aeb1d0bc6de1a964894c7b44a04 100644 (file)
--- a/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties
+++ b/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties
@@ -1227,6 +1227,7 @@ coverage_viewer.x_covered_branches={0} branches are covered by tests
 #
 #------------------------------------------------------------------------------
 code_viewer.no_info_displayed_due_to_security=Due to security settings, no information can be displayed.
+code_viewer.no_source_code_displayed_due_to_security=Due to security settings, no source code can be displayed.
 
 
 #------------------------------------------------------------------------------

diff --git a/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java b/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java
index f2f25d9c307f14134ee8b38d16e80e4e9cec7c30..09d958c217647a3af6d957c2e136a5c131844774 100644 (file)
--- a/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java
+++ b/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java
@@ -42,7 +42,7 @@ public final class DefaultPages {
   @NavigationSection(NavigationSection.RESOURCE_TAB)
   @DefaultTab
   @ResourceQualifier({Qualifiers.FILE, Qualifiers.CLASS, Qualifiers.UNIT_TEST_FILE})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class SourceTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;
@@ -80,7 +80,7 @@ public final class DefaultPages {
       CoreMetrics.NEW_OVERALL_LINES_TO_COVER_KEY, CoreMetrics.NEW_OVERALL_BRANCH_COVERAGE_KEY, CoreMetrics.NEW_OVERALL_CONDITIONS_TO_COVER_KEY,
       CoreMetrics.NEW_OVERALL_UNCOVERED_CONDITIONS_KEY})
   @RequiredMeasures(anyOf = {CoreMetrics.COVERAGE_KEY, CoreMetrics.IT_COVERAGE_KEY, CoreMetrics.OVERALL_COVERAGE_KEY})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class CoverageTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;
@@ -106,7 +106,7 @@ public final class DefaultPages {
   @ResourceQualifier(
       value = {Qualifiers.VIEW, Qualifiers.SUBVIEW, Qualifiers.PROJECT, Qualifiers.MODULE, Qualifiers.PACKAGE, Qualifiers.DIRECTORY, Qualifiers.FILE, Qualifiers.CLASS,
           Qualifiers.UNIT_TEST_FILE})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class IssuesTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;
@@ -124,7 +124,7 @@ public final class DefaultPages {
   @NavigationSection(NavigationSection.RESOURCE_TAB)
   @DefaultTab(metrics = {CoreMetrics.DUPLICATED_LINES_KEY, CoreMetrics.DUPLICATED_BLOCKS_KEY, CoreMetrics.DUPLICATED_FILES_KEY, CoreMetrics.DUPLICATED_LINES_DENSITY_KEY})
   @ResourceQualifier({Qualifiers.FILE, Qualifiers.CLASS})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class DuplicationsTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb
index 6861d7c4748fc454ff27a2897c027b7911a09c91..285dfd37656db785c9ee874375df5115b1174375 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb
@@ -389,4 +389,4 @@ class ResourceController < ApplicationController
     render :partial => 'resource_deleted'
   end
 
-end
\ No newline at end of file
+end

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb
index a9cf8d75b5235a4d47ca514c0868420b6f67605f..3760a8456b3797876ccb2686005fb19ad454c897 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb
@@ -12,77 +12,82 @@
   <div class="duplicationsMessage"><%= @duplication_group_warning -%></div>
   <% end %>
 
-  <table class="data duplications">
-    <thead>
-      <tr>
-        <th class="thin nowrap"><%= message('duplications.blocks') -%></th>
-        <th class="thin nowrap"><%= message('duplications.number_of_lines') -%></th>
-        <th class="thin nowrap"><%= message('duplications.from_line') -%></th>
-        <th class="thin nowrap"><%= message('duplications.file') -%></th>
-        <th><%= message('duplications.details') -%></th>
-      </tr>
-    </thead>
+  <% if has_role?('codeviewer', @resource) %>
+    <table class="data duplications">
+      <thead>
+        <tr>
+          <th class="thin nowrap"><%= message('duplications.blocks') -%></th>
+          <th class="thin nowrap"><%= message('duplications.number_of_lines') -%></th>
+          <th class="thin nowrap"><%= message('duplications.from_line') -%></th>
+          <th class="thin nowrap"><%= message('duplications.file') -%></th>
+          <th><%= message('duplications.details') -%></th>
+        </tr>
+      </thead>
 
-    <tbody>
-    <%
-      @duplication_groups.each_with_index do |group, group_index|
-    %>
-      <tr>
-        <td colspan="5" style="height: 10px"> </td>
-      </tr>
-      <tr id="duplGroup_<%= group_index -%>">
-        <td class="item">
-          <p><b><%=  group.size() -%></b></p>
-        </td>
+      <tbody>
+      <%
+        @duplication_groups.each_with_index do |group, group_index|
+      %>
+        <tr>
+          <td colspan="5" style="height: 10px"> </td>
+        </tr>
+        <tr id="duplGroup_<%= group_index -%>">
+          <td class="item">
+            <p><b><%=  group.size() -%></b></p>
+          </td>
 
-        <td class="item">
-          <% group.each_with_index do |dup, index| %>
-            <p id="duplCount-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:lines_count].to_i -%></p>
-          <% end %>
-        </td>
+          <td class="item">
+            <% group.each_with_index do |dup, index| %>
+              <p id="duplCount-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:lines_count].to_i -%></p>
+            <% end %>
+          </td>
 
-        <td class="item">
-          <% group.each_with_index do |dup, index| %>
-            <p id="duplFrom-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:from_line].to_i -%></p>
-          <% end %>
-        </td>
+          <td class="item">
+            <% group.each_with_index do |dup, index| %>
+              <p id="duplFrom-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:from_line].to_i -%></p>
+            <% end %>
+          </td>
 
-        <td class="fileItem">
-          <% group.each_with_index do |dup, index|
-            resource = dup[:resource]
-            external = resource.root_id != @resource.root_id
-            lines_count = dup[:lines_count].to_i
-            from_line = dup[:from_line].to_i
-            included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
-            lines_count = dup[:lines_count].to_i
-            update_snippet_script = "updateDuplicationLines('#{url_for :action => :show_duplication_snippet, :params => {:id => resource.id, :original_resource_id => @resource.id}}',#{group_index}, #{index}, #{lines_count}, #{from_line}, #{included_to_line});"
-          %>
-            <p id="duplName-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>">
-              <a href="#" onclick="return <%= update_snippet_script -%>;"><%= h resource.name -%></a>
-              <%= image_tag "links/external.png" if external -%>
-            </p>
-          <% end %>
+          <td class="fileItem">
+            <% group.each_with_index do |dup, index|
+              resource = dup[:resource]
+              external = resource.root_id != @resource.root_id
+              lines_count = dup[:lines_count].to_i
+              from_line = dup[:from_line].to_i
+              included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
+              lines_count = dup[:lines_count].to_i
+              update_snippet_script = "updateDuplicationLines('#{url_for :action => :show_duplication_snippet, :params => {:id => resource.id, :original_resource_id => @resource.id}}',#{group_index}, #{index}, #{lines_count}, #{from_line}, #{included_to_line});"
+            %>
+              <p id="duplName-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>">
+                <a href="#" onclick="return <%= update_snippet_script -%>;"><%= h resource.name -%></a>
+                <%= image_tag "links/external.png" if external -%>
+              </p>
+            <% end %>
 
-        </td>
+          </td>
 
-        <td class="sourceItem">
-          <%
-            duplication = group[0]
-            resource = duplication[:resource]
-            from_line = duplication[:from_line].to_i
-            lines_count = duplication[:lines_count].to_i
-            external = resource.root_id != @resource.root_id
-            included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
-          %>
-          <div id="source-<%= group_index -%>">
-            <%= render :partial => 'duplications_source_snippet', :locals => {:resource => resource, :original_resource => @resource, :from_line => from_line, :to_line => included_to_line, :lines_count => lines_count, :external => external, :group_index => group_index} -%>
-          </div>
-        </td>
-      </tr>
-    <%
-        end
-    %>
-    </tbody>
+          <td class="sourceItem">
+            <%
+              duplication = group[0]
+              resource = duplication[:resource]
+              from_line = duplication[:from_line].to_i
+              lines_count = duplication[:lines_count].to_i
+              external = resource.root_id != @resource.root_id
+              included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
+            %>
+            <div id="source-<%= group_index -%>">
+              <%= render :partial => 'duplications_source_snippet', :locals => {:resource => resource, :original_resource => @resource, :from_line => from_line, :to_line => included_to_line, :lines_count => lines_count, :external => external, :group_index => group_index} -%>
+            </div>
+          </td>
+        </tr>
+      <%
+          end
+      %>
+      </tbody>
 
-  </table>
-<% end %>
\ No newline at end of file
+    </table>
+  <% else %>
+    <div class="note" style="margin: 5px;"><%= message('code_viewer.no_source_code_displayed_due_to_security') -%></div>
+  <% end %>
+
+  <% end %>

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb
index eea1aa3371fc9d7665bdbcc371ba7f92028f6560..624ad76e79e887c3bf050ef3505722014022d92a 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb
@@ -15,19 +15,23 @@
     <% end %>
 
     <% if @lines && @lines.size>0 %>
-      <%= render :partial => "shared/source_display", :locals => { :display_manual_violation_form => @display_manual_violation_form, \
-                                                                   :scm_available => @scm_available, \
-                                                                   :display_coverage => @display_coverage, \
-                                                                   :lines => @lines, \
-                                                                   :expanded => @expanded, \
-                                                                   :display_violations => @display_violations, \
-                                                                   :display_issues => @display_issues, \
-                                                                   :has_global_issues => @global_issues && @global_issues.size>0, \
-                                                                   :resource => @resource, \
-                                                                   :snapshot => @snapshot, \
-                                                                   :review_screens_by_vid => @review_screens_by_vid, \
-                                                                   :filtered => @filtered}
-      %>
+      <% if has_role?('codeviewer', @resource) %>
+        <%= render :partial => "shared/source_display", :locals => { :display_manual_violation_form => @display_manual_violation_form,
+                                                                     :scm_available => @scm_available,
+                                                                     :display_coverage => @display_coverage,
+                                                                     :lines => @lines,
+                                                                     :expanded => @expanded,
+                                                                     :display_violations => @display_violations,
+                                                                     :display_issues => @display_issues,
+                                                                     :has_global_issues => @global_issues && @global_issues.size>0,
+                                                                     :resource => @resource,
+                                                                     :snapshot => @snapshot,
+                                                                     :review_screens_by_vid => @review_screens_by_vid,
+                                                                     :filtered => @filtered}%>
+
+      <% else %>
+        <div class="note" style="margin: 5px;"><%= message('code_viewer.no_source_code_displayed_due_to_security') -%></div>
+      <% end %>
     <% end %>
 
     <% if @duplication_groups %>

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb
index 8d7706cdf9ba369cd016a0d875869d55f796f35d..2f2901c8369b289e39ee731f579e5853a1ad2a47 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb
@@ -1,4 +1,4 @@
-<% display_options = @scm_available || @expandable || @filtered || @display_issues
+<% display_options = (@scm_available || @expandable || @filtered || @display_issues) && has_role?('codeviewer', @resource)
    if display_options
 %>
 

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb
index e48fcafaa355be961f4920eedb81d62be37b42a3..d24cae1a30eb5ea65f5f92b5b573136abd8f69d3 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb
@@ -76,9 +76,9 @@
       <tr class="row pos<%= index+1 -%>">
 
           <% if display_manual_violation_form %>
-            <%= render :partial => "shared/source_issue_form", :locals => { :resource_id => resource.id, \
-                                                                                :index => index, \
-                                                                                :gray_colspan => gray_colspan, \
+            <%= render :partial => "shared/source_issue_form", :locals => { :resource_id => resource.id,
+                                                                                :index => index,
+                                                                                :gray_colspan => gray_colspan,
                                                                                 :white_colspan => white_colspan} %>
           <% end %>
 
@@ -99,9 +99,9 @@
           <%= render :partial => "shared/source_line_numbers", :locals => {:index => line.id} %>
 
           <% if display_coverage %>
-            <%= render :partial => "shared/source_coverage", :locals => {:line => line, \
-                                                                          :statuses => {:hits => hits_status, :conditions => conditions_status}, \
-                                                                          :index => index, \
+            <%= render :partial => "shared/source_coverage", :locals => {:line => line,
+                                                                          :statuses => {:hits => hits_status, :conditions => conditions_status},
+                                                                          :index => index,
                                                                           :resource_key => snapshot.resource.key} %>
           <% end %>
 
@@ -110,8 +110,8 @@
       </tr>
 
       <% if display_issues && line.issues? %>
-        <%= render :partial => "shared/source_issues", :locals => { :line => line, \
-                                                                    :display_manual_violation_form => display_manual_violation_form, \
+        <%= render :partial => "shared/source_issues", :locals => { :line => line,
+                                                                    :display_manual_violation_form => display_manual_violation_form,
                                                                     :scm_available => scm_available} %>
       <% end %>